| Port No | 81 |
| Service Name | hosts2-ns |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | HOSTS2 Name Server |
| Reference Link | POrt 81 TCP Service: hosts2-ns More Information |
| Attack | Name: Asylum, W32.Beagle.S@mm MoreInformation: W32.Beagle.S@mm is a variant of W32.Beagle.O@mm. This worm attempts to send an HTML email to addresses found in files on an infected computer. The email does not contain an attachment of the worm. Instead, the HTML email uses the Microsoft Internet Explorer Object Tag Vulnerability that allows for the automatic download and execution of a file hosted on a remote Web site. This file is a copy of the worm, but may change in the future. The worm also opens a backdoor, starts a Web server on TCP port 81 to serve the worm, and attempts to spread through file-sharing networks by copying itself to the folders with "shar" in their names. The worm is also a file infector that appends itself to the .exe files found in the c:\emails folder on the computer. We recommend that Network administrators consider doing the following: 1. Content filter on the IPs listed in step 11 of the "Technical Details" section 2. Content filter on the subject lines (and if appropriate the From addresses) listed step 11 of the "Technical Details" section 3. Obtain the patch as described in Microsoft Security Bulletin MS03-040 Block traffic on port 81 (unless you need that port) |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.